cbcvebase.
CVE-2023-0976
published 2023-06-07

CVE-2023-0976: A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/…

PriorityP339high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.65%
46.3th percentile
A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. The malicious file is executed by running the TA deployment feature located in the System Tree.

Affected

2 ranges
VendorProductVersion rangeFixed in
trellixagent< 5.7.95.7.9
trellixtrellix_agent
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.

CVE-2023-0976 — Uncontrolled Search Path Element | cvebase